Need Veracode STO step to support failing on policy evaluation result
in progress
Dew Gibbon
Our Veracode is set to fail on Policy; this allows VMAST to ignore a vuln that is proven to be a false positive for a given team/module.
We found the Veracode STO step only supports fail_on_severity, so our users will see a discrepancy between the Harness pipeline status and the Veracode site status (see attached). If you look at the Veracode report, you can see there's an attribute called "policy_compliance_status"; that's the policy status that shows up on our Veracode site.
Canny AI
Merged in a post:
Discrepancy in the security result on Harness side when comparing data with Sonarqube
Famous Wallaby
We are running a code analysis and security scan pipeline (i.e. https://dev.azure.com/BridgestoneGlobal/Retail%20Technical%20Solutions/_build?definitionId=6540) inside ADO. Corresponding to this pipeline, we can see only 12 issues on the SonarQube side, but on the Harness side the number of issues in the logs is different.
Even though we run the pipelines for support_dev_int, it's picking up the result of the master pipelines.
Pritesh Chandaliya
in progress
Pritesh Chandaliya
this fiscal quarter
Should be available by end of Oct 2024
Pritesh Chandaliya
Famous Wallaby any update?
Pritesh Chandaliya
Famous Wallaby is there a ticket for this issue?
We only tackle feature requests here. Any bug or error should be created via zendesk/support.
Pritesh Chandaliya
Is there a ticket associated with this bug?
Because SonarQube branching support was added and released a while back, please confirm if this is still a requirement/outstanding bug.
Thanks! Famous Wallaby
Pritesh Chandaliya
Any update on this one Famous Wallaby?
Pritesh Chandaliya
Famous Wallaby just to make sure we are on the same page: SonarQube started supporting scanning PRs and branches a while back, but STO at Harness did not support it until now. We now support the feature on our side, so hopefully this should fix the issue. Can you please check now, and let us know if there is anything else you need help with or if this was a different issue? I do not see the RCA or additional details for knowing this. Thanks!
Famous Wallaby
Pritesh Chandaliya Hi, we will check on this and confirm with you.
Beryl Dormouse
next fiscal quarter
Beryl Dormouse
under review